Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /interface bridge
- add admin-mac=08:55:31:01:C4:BC auto-mac=no comment=defconf name=bridge
- /interface vlan
- add interface=ether4 name=ELAN vlan-id=2
- add interface=ether4 name=INFRA vlan-id=1000
- add interface=ether4 name=IOT vlan-id=3
- add interface=ether4 name=WIFI vlan-id=4
- /interface list
- add comment=defconf name=WAN
- add comment="VLAN list for easy access" name=VLANs
- add comment=defconf include=VLANs name=LAN
- /interface wireless security-profiles
- set [ find default=yes ] supplicant-identity=MikroTik
- /ip hotspot profile
- set [ find default=yes ] html-directory=flash/hotspot
- /ip pool
- add name=dhcp ranges=192.168.1.100-192.168.1.199
- add name=dhcp_pool1 ranges=192.168.2.100-192.168.2.254
- add name=dhcp_pool2 ranges=192.168.3.100-192.168.3.254
- add name=dhcp_pool3 ranges=192.168.2.100-192.168.2.254
- add name=dhcp_pool4 ranges=192.168.3.100-192.168.3.254
- add name=dhcp_pool5 ranges=192.168.4.50-192.168.4.254
- /ip dhcp-server
- add address-pool=dhcp disabled=no interface=bridge name=defconf
- add address-pool=dhcp_pool3 disabled=no interface=ELAN name=dhcp_elan
- add address-pool=dhcp_pool4 disabled=no interface=IOT name=dhcp_iot
- add address-pool=dhcp_pool5 disabled=no interface=WIFI name=dhcp_wifi
- /interface bridge port
- add bridge=bridge comment=defconf interface=ether2
- add bridge=bridge comment=defconf interface=ether3
- add bridge=bridge comment=defconf disabled=yes interface=ether4
- add bridge=bridge comment=defconf interface=ether5
- add bridge=bridge comment=defconf interface=sfp1
- /ip neighbor discovery-settings
- set discover-interface-list=LAN
- /interface list member
- add comment=defconf interface=bridge list=LAN
- add comment=defconf interface=ether1 list=WAN
- add interface=ELAN list=VLANs
- add interface=INFRA list=VLANs
- add interface=IOT list=VLANs
- add comment=VLANs interface=WIFI list=VLANs
- /ip address
- add address=192.168.1.1/24 comment=defconf interface=bridge network=192.168.1.0
- add address=192.168.2.1/24 comment=ELAN interface=ELAN network=192.168.2.0
- add address=192.168.3.1/24 comment=IOT interface=IOT network=192.168.3.0
- add address=192.168.4.1/24 comment=WIFI interface=WIFI network=192.168.4.0
- add address=192.168.200.1/24 comment=INFRA interface=INFRA network=192.168.200.0
- /ip dhcp-client
- add comment=defconf disabled=no interface=ether1
- /ip dhcp-server network
- add address=192.168.1.0/24 comment=defconf dns-server=192.168.1.1 domain=localdomain gateway=192.168.1.1 netmask=24
- add address=192.168.2.0/24 comment=ELAN dns-server=192.168.2.1 gateway=192.168.2.1
- add address=192.168.3.0/24 comment=IOT dns-server=192.168.3.1 gateway=192.168.3.1
- add address=192.168.4.0/24 comment=WIFI dns-server=192.168.4.1 domain=localdomain gateway=192.168.4.1 netmask=24
- /ip dns
- set allow-remote-requests=yes servers=8.8.8.8,1.1.1.1
- /ip dns static
- add address=192.168.1.1 comment=defconf name=router.localdomain type=A
- add address=192.168.1.10 comment="main server" name=rotom.localdomain type=A
- add address=192.168.1.25 comment="Minecraft server" name=deoxys.localdomain type=A
- add address=192.168.1.24 comment="Git server" name=latios.localdomain type=A
- add address=192.168.1.200 comment="Main NAS - FreeNAS" name=freenas.localdomain type=A
- add address=192.168.1.11 comment=Photon name=photon.localdomain type=A
- /ip firewall filter
- add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
- add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
- add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
- add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
- add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
- add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
- add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
- add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
- add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
- add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
- add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
- /ip firewall nat
- add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
- add action=dst-nat chain=dstnat comment="Web Server" dst-port=443 in-interface=ether1 protocol=tcp to-addresses=192.168.1.30 to-ports=443
- /system clock
- set time-zone-name=America/Los_Angeles
- /system identity
- set name=Router
- /system script
- add dont-require-permissions=no name=DHCPtoDNS owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=""
- /tool mac-server
- set allowed-interface-list=LAN
- /tool mac-server mac-winbox
- set allowed-interface-list=LAN
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement